Privacy Policy - Angel Underwriting

privacy policy

This Privacy Notice describes how Angel Risk Management Limited ("Angel", "we" or "us") collect, use, share and secure personal information when we provide our services as an insurance business. It also describes your choices regarding use, access and correction of your personal information. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

  • 1. Personal information we use

    As an insurance and reinsurance business, we need to obtain information about the individuals covered in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This is so that we can properly assess the risks associated with providing insurance or reinsuring a particular block of insurance policies and administer and manage our products and services. This privacy notice applies to any individual whose personal information we process in the course of providing the services (each a "data subject" or "you").

    We may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

    1.1 Information we collect about you

    The type of information we may collect and process about you will depend upon the type of insurance we are offering or underwriting. It may include any of the below (where permitted by law):

    • Personal details: Your name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
    • Identification information and criminal data: Your government-issued ID, driving licence, social security number (or local equivalent), driving record and criminal record (but only where it is lawful to collect this data).
    • Contact Information: Your address, telephone numbers and email address.
    • Information about your family and home: Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics.
    • Employment and experience information: Your employment history, job role, salary, employment benefit options, educational background and any professional licences and qualifications.
    • Financial information: Details pertaining to your bank account, annual income, investment/savings, tax payer ID, credit history and transaction history.
    • Information to conduct our business: Information relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims histories, services relating to our businesses and your business dealings or relationship with us.

    From the information we collect about you, we may also derive or generate further information such as risk ratings. Some of this information is generated through profiling (see the section below on "Do we use personal information for profiling and automated decision making?").

    1.2 Special categories of personal data

    Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information"). These include:

    • your health records (such as your medical history, genetic test results and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment)
    • biometric information (photo ID, fingerprint and voiceprint)
    • your family medical history
    • information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, sexual orientation, sex life, mental and physical health and genetic information
    • your membership of a professional association or trade union

    We may also collect information about criminal convictions or offences where authorised by law.

    1.3 Sources of the information we collect

    We collect personal information from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us.

    We also collect your personal information from a variety of sources:

    • From insurance companies that we work with
    • From third party claims handlers who are involved in a claim or assist us in investigating or processing claims, including witnesses and external claims data collectors and verifiers
    • From our business partners with whom we work to provide insurance products
    • From public sources, such as public databases (where permitted by law)
    • From insurance brokers or other intermediaries
    • From third party evidence providers
    • From healthcare service providers
    • From financial institutions
    • From pension processing platforms
    • From individuals that you may be associated with (e.g. joint account holders, company employees or directors, family members, etc.)

    Occasionally we may collect your personal information from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes. If appropriate, in these circumstances we will either notify you of our sources or seek your consent to their use.

  • 2. How we use your personal information and the basis on which we use it

    We use your personal information to:

    1. to provide our services and fulfil our contractual obligations
    2. to review, process and manage claims
    3. to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services
    4. to help up prevent and detect fraud, money laundering, terrorism and other crimes
    5. to help develop new, and improve existing, services
    6. to operate and expand our business activities
    7. to carry out background checks, where lawful
    8. to perform administrative activities in connection with our services
    9. to exercise, defend and protect our legal rights or the rights of third parties
    10. to comply with legal obligations and to cooperate with regulatory bodies to which we are subject
    11. for research and development of new insurance products
    12. to audit our business
    13. for marketing purposes.

    We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

    1. to complete necessary pre-contractual checks to ensure that we can assess your suitability for the insurance products we offer
    2. to fulfil our contractual obligations to you, for example to provide the services you request and to ensure that invoices are paid correctly. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations
    3. to comply with our legal obligations, such as due diligence and reporting obligations, and responding to binding requests from regulators, law enforcement authorities or other government authorities
    4. to meet our legitimate interests, for example for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected
    5. to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law.

    If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

    1. We have obtained your explicit consent
    2. We need to process your sensitive personal information to establish, exercise or defend a legal claim
    3. We need to process your sensitive personal information for reasons of substantial public interest, for example to prevent or detect unlawful acts or fraud or for an insurance purpose
    4. We are otherwise authorised by local law to process your sensitive personal information.

    We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Notice.

  • 3. Your rights over your personal information

    You have certain rights regarding your personal information, subject to local law. These include the following rights to:

    • access your personal information
    • rectify the information we hold about you
    • erase your personal information
    • restrict our use of your personal information
    • object to our use of your personal information
    • receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
    • lodge a complaint with your local data protection authority.

    If you would like to discuss or exercise such rights, please contact us at the details below.

    We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.

    We will contact you if we need additional information from you in order to honour your requests.

  • 4. Automated decisions about you

    The way we analyse personal information for the purposes of e.g. risk assessment or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. We may also use profiling, or otherwise employ solely automated means, to make decisions about you that relate to the basis on which we provide insurance to you on behalf of other insurance companies. This is known as "automated decision-making" and is only permitted when we have a legal basis for this type of decision-making.

    We may make automated decisions about you:

    • Where such decisions are necessary for entering into a contract. For example, we may decide not to offer insurance to you, or we may decide on the types of insurance that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you
    • Where such decisions are required or authorised by law, for example for fraud prevention purposes
    • Where you give your consent to us carrying out automated decision-making.

    Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.

  • 5. Information sharing

    We may share your personal information with third parties under the following circumstances:

    • XL group companies. We operate as a global business, so we may share your personal information with group companies who may use this information for the purposes described in this privacy notice.
    • Insurance companies, coverholders, intermediaries, financial institutions, reinsurers and business partners. We may share your personal information with insurance companies, intermediaries, financial institutions, reinsurers and business partners that use your personal information in connection with the provision of insurance and processing of claims. For example, we may share your personal information with other insurance / reinsurance businesses for the purposes of settling claims.
    • Service providers. We may share your personal information with service providers that perform services and other business operations for us, for example, IT and analytics providers, actuarial service entities, auditors and advisers.
    • Any law enforcement agency, court, regulator, government authority or professional body. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
    • Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
    • Customer companies. We may share our personal information with your company or employer in certain circumstances, for example, if your company has a corporate insurance product with us and you make a claim under that product.

    Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfer" below for more information.

    If your insurer or prospective insurer is not an XL group company, we will not share your data with XL group's insuring entities.

  • 6. Information security and storage

    We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

    We will keep your personal information for as long as we have a relationship with you, and for a period thereafter which is in line with XL Group's Global Records Management Policy.

  • 7. International data transfer

    Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission. XL Group has put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

  • 8. Non personal confidential information

    The provisions of sections 4 and 5 of this Privacy Policy also apply to any non personal confidential information we hold about you.

  • 9. Contact us

    Angel Risk Management Limited, acting on behalf of the Insurer named in the Schedule or as defined in your policy, is the controller responsible for the personal information we collect and process. Our Data Protection Officer can be contacted at: compliance@xlgroup.com

    If you have questions or concerns regarding the way in which your personal information has been used, please contact the Data Protection Officer.

    We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority.

  • 10. Use of cookies

    The Angel website use "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

    One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise Angel pages, or register with Angel, a cookie helps Angel Risk Management to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Angel website, the information you previously provided can be retrieved, so you can easily use the Angel features that you customised.

    You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Angel website.

    We may use the following types of cookie on the Angel website:

    1. Session cookies: Session cookies allow this website to link the various actions of a user during a browser session, including which pages the user visited before visiting this one. Session cookies expire when the browser session ends.
    2. Persistent cookies: Persistent cookies are stored on a user's device in between browser sessions, storing information about the preferences or actions of the user across a site (or possibly across different XL Group websites).
    3. Google Analytics: Google Analytics is a popular web analytics service that uses cookies to count the number of people that visit angelriskmanagement.com and help analyze how they use it (e.g., we can determine which pages on our site are visited most frequently). The information generated by the cookies (including your IP address) is transmitted to and stored by Google on its servers. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google uses this information to evaluate the way visitors use our website, compiling reports to us on website activity and providing other services relating to website activity and internet usage. The information also helps us improve this website. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Google undertakes not to associate your IP address with any other data held by Google.

    More information about the cookies we may use on our websites is set out in the table below.

    Type of cookieName of cookiePurposeSourceExpires after
    AzureARRAffinityAffinity Cookies are used to aid users to stay on the particular instance that they using till they break state and then things are saved at that time.angelriskmanagement.comSession
    snazzymaps.comSession
    Google1P_JARGoogle advertising cookie used for user tracking and ad targeting purposesgoogle.com30 seconds
    SThis cookie may collect certain information used to help improve services, including the pages users visit most often and whether users get error messages from certain pages. This cookie may also be used to anonymously measure the effectiveness of PPC (pay per click) and affiliate advertising.google.comSession
    SIDCCThis cookie is a security cookie to protect a user's data from unauthorized access.google.com2 years
    Google Analytics_gaGoogle Analytics - used to distinguish usersangelriskmanagement.com2 years
    _gagoogle.com2 years
    _gidangelriskmanagement.com24 hours
    _gatGoogle Analytics - used to throttle request rate, distinguish users and for Campaign infoangelriskmanagement.com1 minute
    Google MapsSIDGoogle set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.google.com2 years
    SSIDgoogle.com2 years
    SAPISIDgoogle.com2 years
    NIDgoogle.com6 months
    HSIDgoogle.com2 years
    APISIDgoogle.com2 years
  • 11. Changes to the policy

    You may request a copy of this Privacy and Cookies Notice from us using the contact details set out above. We may modify or update this Privacy Notice and Cookies from time to time.

    If we change this Privacy Notice and Cookies, we will notify you of the changes by a notice on this website. Where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).

angel risk management
3rd Floor, 1 Legg Street,
Chelmsford, Essex, CM1 1JS

telephone +44 (0)1245 343630
fax +44 (0)20 7784 8055
email info@angelriskmanagement.com

AXA XL
20 Gracechurch Street,
London EC3V 0BG

telephone +44 (0)20 8442 0000
fax +44 (0)20 8442 0000
email info@axaxl.com

© Angel Risk Management Limited © 2018 |Angel Risk Management Limited is an intermediary authorised and regulated by the Financial Conduct Authority (No. 718451)
Angel Risk Management Limited is a subsidiary of AXA SA.